Another RAC staffer nabbed for storing, sharing car crash data A former employee of RAC, one of Britain's major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic accident information on his personal device that was passed onto claims companies. Asif Iqbal Khan, 42, was handed a £5,000 ($6,120) penalty, ordered to pay for court costs of more than …
Hard to see how you get 100% protection against people who are required to have access to the data as part of their job.
The very fact that they were able to pin it down to an individual firmly enough for the ICO to get a search warrant suggests pretty tight controls.
I'm more interested in to what extent the claims companies are targeted by the law.
Yep. I've done plenty of data security assessments in my time. You can generally throw technology and rules at most of the threats (assuming management take it seriously enough to give you the budget to implement your design)....but the "bent DBA" bad actor is always the toughest nut to crack. Prevention is more of a personnel/vetting thing than an information security issue...the best that technology can do for the authorised-person-accessing-data (mis)use case is logging.
This post has been deleted by its author
"Hard to see how you get 100% protection against people who are required to have access to the data as part of their job."
Disable external drives so the only export method is a photo of the monitor. Limit what can be seen at once to a single subscriber, so multiple pics are required, becoming more obvious.
Hard to see how you get 100% protection against people who are required to have access to the data as part of their job.The very fact that they were able to pin it down to an individual firmly enough for the ICO to get a search warrant suggests pretty tight controls.
It does look like the RAC have done everything right here and should actually be applauded.
I recently saw a van liveried-up as "Xxxxx Seafood Solutions". I tried to imagine what the problem might be to which seafood was the solution, but I only managed to come up with a scenario whereby I'd just taken unexpected delivery of a sealion left to me by a previously-unknown distant relative in their will.
This post has been deleted by its author
I don't trust anyone or any company who uses the word 'solutions' in this manner. Private Eye used to have a column dedicated to ridiculous uses of the word. Though it's fun to invent your own, such as "Posthumous subterranean interment solutions" (burials) or "horizontal storage solutions" (shelves).
This post has been deleted by its author
1. every little helps, innit guv?
2. a victim surcharge of £170 for '272 individual incidents on phones he owned'
...
3. by the FUCKING way, when you pass on stolen goods to that fat friend of yours in a pawn shop, you just ONE party of the crime. Am I missing the other end of this thread? Case closed?
Admittedly it would just be a pork barrel roll. But how else can we create money from nothing ?
On a serious note, if you can be barred from working with children, why can't you be barred from working with data about children.
#justthinkin'
As noted by other posters, the claims companies aren't included in this story, so why not? Is this the limit to El Reg's journalism these days?
And what's with the $ translation. It's a UK story. If American readers want to have a precise figure I'm sure they can locate it themselves- an approximate guess is probably enough for the gist anyway.
I'm fairly sure this is the first article I've seen where a criminal has had their actual address published in full (**). Why on earth do that, especially as it's implied they no longer live there.
I have a friend who is currently undergoing a barrage of attack on his house as he decided to prosecute a dog owner whose pooch decided to take a bite out of my mate's todger. It turns out the dog owner is a nasty piece of work with friends in the local traveller community who are happy to lob bricks for a few quid. My mate was doxxed (intentionally?) by one of the people in the legal team, and as such his life is now a living hell. And his tackle still hurts.
Doxxing is not something that any professionsl publication should be doing, in my opinion.
(**) I've now realised this isn't the first article; The other one involved some clown at 10 Downing St.
As someone who has spent a lot of time driving around North Yorks and had not heard of this village before, I was curious as to where it might be. According to Google Maps, there is only one village in the entire UK called Higher Whitley and it's in Cheshire, not North Yorks. That's quite a significant geographical error on the part of El Reg. Cut'n'paste of information without fact checking?
The alternative is they turn up, ask if they can come in, go away when told "no", and the criminals have all the time they need to dispose of phones, clean wipe storage etc etc.
It's not just the ICO. Other prosecutring authorities - e.g. HMRC - have the same power. May well be accompanied by a police constable in uniform if there's risk of a breach of the peace.
My friend told me that the (Australian) tax department loved having the police come along. To handle criminal actions by the person under investigation. And the police loved having the tax department come along -- to do warrantless searches of anything that looked interesting as permitted by the tax investigation law.
I'm amazed the ICO took the slightest bit of interest. Not because of the seriousness of it, but because the ICO seem to me to be entirely uninterested in the kind of low level day to day data theft / exfiltration that goes on routinely across the land. Fair play to them. I shall up my opinion o them by a notch.
cynical mode on: one of those drivers called by one of those claim chasers happened to be somebody who knew somebody who knew somebody. In fact, the shorter the chain, the more likely the cause-and-effect link. It'd be fun (?) to find out if any of the top people at ICO have been involved in car accidents prior to their succesful investigation. But hey, who'd investigate the investigators?
Submit it's more likely that it was the only report they've received recently that actually pinned it down to an individual as opposed to "we think it was one of these 50 people. Probably."
But it doesn't matter how inept the ICO is, if they're presented with an open goal, as it appears the RAC did for them, then they're going to go for it because its a nice press release that makes them look good.
Car was parked in a car park, i was not in the car at the time when i came back the car was mangled. So I told the insurance company this yet I still get these muppets ring me to ask if i was injured. So either the lease company who i leased the car from tipped them off or the body shop or the insurer.
This post has been deleted by its author
We had to call out the RAC when one of us was run off the road, damaging the car so it wasn't drivable. RAC "we don't do accident recovery" so we had to pay. Card details over the phone to RAC central, card gets used in a London Tesco a short time later. RAC was the only new use of the card in that time.
Makes you wonder if a few miscreants have worked out there's easy pickings at the call centre.
I’ve had my details shared with ambulance chasers at least once in my life so I occasionally still get the odd call asking about my car crash and injuries.
I either get them talking and ask them to give me more info as a prompt because I have memory loss as a result of the accident or keep them on for a few minutes chatting banal nonsense before advising them I did sustain terrible injuries. By this time they have usually bitten and then call me all the names you can think of when I add “yeh, was so bad I died” and just leave that hanging. Some persistent buggers will try and start the conversation again thinking I mean I died and came back to life but there aren’t many of those.
I like to annoy most cold calling call centre staff in some way, it’s just a case of picking the right bunch of cobblers for the call.
Oh, it also annoys the hell out of my better half who’s heard it too many times so there’s that added bonus.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
